<html>
<head><meta charset="utf-8"><title>playground isolation · t-infra · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/index.html">t-infra</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html">playground isolation</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="218625161"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218625161" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218625161">(Dec 02 2020 at 21:52)</a>:</h4>
<p>I have Q's about the isolation model of the current playground. Is this the right place to ask them?</p>



<a name="218625863"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218625863" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218625863">(Dec 02 2020 at 21:58)</a>:</h4>
<p>sure</p>



<a name="218626829"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218626829" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218626829">(Dec 02 2020 at 22:06)</a>:</h4>
<p>IIRC, the original playground used seccomp to restrict the capabilities of the program being run in the playground</p>



<a name="218626848"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218626848" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218626848">(Dec 02 2020 at 22:06)</a>:</h4>
<p>is that still our main basis for capability control? or do we use something else now?</p>



<a name="218631094"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218631094" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Crichton <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218631094">(Dec 02 2020 at 22:45)</a>:</h4>
<p><span class="user-mention" data-user-id="116155">@Jake Goulding</span> ^</p>



<a name="218631170"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218631170" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218631170">(Dec 02 2020 at 22:46)</a>:</h4>
<p>It’s mostly docker, but adding additional layers wouldn’t be bad.</p>



<a name="218631233"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218631233" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218631233">(Dec 02 2020 at 22:46)</a>:</h4>
<p><a href="https://github.com/integer32llc/rust-playground/issues/41">https://github.com/integer32llc/rust-playground/issues/41</a></p>



<a name="218635995"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218635995" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218635995">(Dec 02 2020 at 23:39)</a>:</h4>
<p>Is docker isolated against e.g. a fork bomb attempt to <del>DDOS</del> DOS play.rlo?</p>



<a name="218636115"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218636115" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218636115">(Dec 02 2020 at 23:40)</a>:</h4>
<p>(to be clear I don't even know if one is allowed to do a <code>fork</code> in play in the first place. That would be one way to guard against that, though probably stronger than what we'd want.)</p>



<a name="218636223"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218636223" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218636223">(Dec 02 2020 at 23:42)</a>:</h4>
<p>(oh I'm pretty sure <code>Command</code> works in play, so we can't have such a restriction in place, right?)</p>



<a name="218636339"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218636339" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Joshua Nelson <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218636339">(Dec 02 2020 at 23:43)</a>:</h4>
<p>well it runs at least, not sure if it ever <em>stops</em> running <a href="https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=5dc6531b7ec65d6fba390c1f6bdf6f09">https://play.rust-lang.org/?version=stable&amp;mode=debug&amp;edition=2018&amp;gist=5dc6531b7ec65d6fba390c1f6bdf6f09</a></p>



<a name="218636494"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218636494" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218636494">(Dec 02 2020 at 23:44)</a>:</h4>
<p>At least that doesn't seem to have <del>DDOS</del> DOS'ed play.rlo</p>



<a name="218636498"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218636498" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> pnkfelix <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218636498">(Dec 02 2020 at 23:44)</a>:</h4>
<p>so that's good</p>



<a name="218637114"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218637114" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218637114">(Dec 02 2020 at 23:51)</a>:</h4>
<p><a href="https://github.com/integer32llc/rust-playground/blob/e54f710abbfdc03d9084bc8add0459257780281e/ui/src/sandbox.rs#L453">https://github.com/integer32llc/rust-playground/blob/e54f710abbfdc03d9084bc8add0459257780281e/ui/src/sandbox.rs#L453</a></p>



<a name="218637759"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218637759" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218637759">(Dec 02 2020 at 23:57)</a>:</h4>
<p>There are a variety of tests at the bottom of that file for the things we check</p>



<a name="218818705"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218818705" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218818705">(Dec 04 2020 at 11:04)</a>:</h4>
<p>docker will run a new process namespace, which will not affect the process namespace in the host.</p>



<a name="218818802"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218818802" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218818802">(Dec 04 2020 at 11:05)</a>:</h4>
<p>Similarly it will have a memory cgroup, so you cannot exhaust all of the memory – I believe playground has a limit on memory set.</p>



<a name="218818895"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218818895" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218818895">(Dec 04 2020 at 11:06)</a>:</h4>
<p>those two combined mean you cannot fork bomb pretty much – you'll run out of PIDs or memory and the processes within the container will start getting killed, retaining operation of the system.</p>



<a name="218818916"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218818916" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218818916">(Dec 04 2020 at 11:06)</a>:</h4>
<p>(at which point the timeouts hit and kill the entire namespace/container)</p>



<a name="218818959"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218818959" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nagisa <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218818959">(Dec 04 2020 at 11:06)</a>:</h4>
<p>IIRC a typical Windows application also holds a system-global lock during process creation if it's linked to certain common system DLLs. Linux ones don't do that… that probably helps too.</p>



<a name="218837031"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/242791-t-infra/topic/playground%20isolation/near/218837031" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Jake Goulding <a href="https://rust-lang.github.io/zulip_archive/stream/242791-t-infra/topic/playground.20isolation.html#218837031">(Dec 04 2020 at 14:13)</a>:</h4>
<p>Also, as linked above, we set the max # of PIDs during the invocation.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>